Staff working for private healthcare giant Universal Healthcare Services, which runs 400 hospitals and facilities in the UK and the US, have been left using pen and paper after the company’s entire global IT network was knocked offline in a suspected cyber attack.
All facilities are currently offline due to an “IT security issue”, the company confirmed late on Monday.
People claiming to be employees have been posting on social media about facilities’ computer systems allegedly being switched off over the weekend, leaving staff without access to patient records.
Some claimed to have seen files on their computer screens rename themselves with the extension “.ryk”, a signature of Ryuk ransomware.
Ryuk is malicious software that infects a device, encrypts the data and holds it until the victim pays a ransom. It has been used to target businesses, hospitals and government departments since 2018.
UHS, which owns mental health care providers Cygnet Health and the Danshell Group, said it was working with cyber security experts to try and get the systems up and running. Patient care is still being delivered using emergency “offline documentation” methods, a spokesman said.
“No patient or employee data appears to have been accessed, copied or misused,” they added.
Cyber security experts have reported an increase in successful cyber attacks now that more people are working remotely and are no longer conducting their work under the safety of their corporate network. Phishing scams, where people try to extract information using emails, are a popular tactic employed by criminals looking to gather information that will eventually grant them access to a corporate network.
It had been hoped that healthcare facilities would be safe from hackers after leading cybercrime gang Maze promised in March not to target those offering care to Covid-19 patients.
It comes as the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned that foreign groups and other malicious actors online are spreading disinformation around potential cyberattacks on US election infrastructure.
“During the 2020 election season, foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in US democratic institutions,” the agencies wrote in a joint public service announcement.
The most recent high profile healthcare ransomware attack to impact the UK was the Wannacry attack which targeted the NHS in 2017, costing the taxpayer an estimated £92m.